Skip to content

Dot1x

802.1X is an IEEE standard for port-based network access control that provides authentication framework to prevent unauthorized devices from accessing network resources until proper credentials are validated. It operates using the Extensible Authentication Protocol (EAP) to facilitate secure communication between supplicants (client devices), authenticators (network switches), and authentication servers (typically RADIUS). The 802.1X framework supports various authentication methods including username/password, digital certificates, and smart cards, enabling organizations to implement comprehensive network access control policies with granular user and device identification capabilities.

Diagram

Diagram

Classes

configuration (iosxe.devices)

NameTypeConstraintMandatoryDefault Value
dot1xClass[dot1x]No

dot1x (iosxe.devices.configuration)

NameTypeConstraintMandatoryDefault Value
auth_fail_eapolBooleantrue, falseNo
credentialsList[credentials]No
critical_eapol_config_blockBooleantrue, falseNo
critical_recovery_delayIntegermin: 1, max: 10000No
test_timeoutIntegermin: 1, max: 65535No
logging_verboseBooleantrue, falseNo
supplicant_controlled_transientBooleantrue, falseNo
supplicant_force_multicastBooleantrue, falseNo
system_auth_controlBooleantrue, falseNo

credentials (iosxe.devices.configuration.dot1x)

NameTypeConstraintMandatoryDefault Value
profile_nameStringYes
descriptionStringNo
usernameStringNo
password_typeChoice0, 6, 7No
passwordStringNo
pki_trustpointStringNo
anonymous_idStringNo

Examples

iosxe:
devices:
- name: Device1
configuration:
dot1x:
auth_fail_eapol: true
critical_eapol_config_block: true
critical_recovery_delay: 20
test_timeout: 20
logging_verbose: true
supplicant_controlled_transient: true
supplicant_force_multicast: true
system_auth_control: true
credentials:
- profile_name: first_creds
description: first profile test
username: test_user
password_type: '0'
password: test_pass
pki_trustpoint: sample_trustpoint
anonymous_id: anon_test_1